@pierskarsenbarg/sdm 1.16.0 → 1.18.0

package/types/output.d.ts

@@ -263,6 +263,10 @@ export interface GetNodeNode {
      * Gateway represents a StrongDM CLI installation running in gateway mode.
      */
     gateways: outputs.GetNodeNodeGateway[];
+    /**
+     * ProxyCluster represents a cluster of StrongDM proxies.
+     */
+    proxyClusters: outputs.GetNodeNodeProxyCluster[];
     /**
      * Relay represents a StrongDM CLI installation running in relay mode.
      */
@@ -316,6 +320,34 @@ export interface GetNodeNodeGatewayMaintenanceWindow {
     cronSchedule: string;
     requireIdleness: boolean;
 }
+export interface GetNodeNodeProxyCluster {
+    /**
+     * The public hostname/port tuple at which the proxy cluster will be accessible to clients.
+     */
+    address?: string;
+    /**
+     * Unique identifier of the Relay.
+     */
+    id?: string;
+    /**
+     * Maintenance Windows define when this node is allowed to restart. If a node is requested to restart, it will check each window to determine if any of them permit it to restart, and if any do, it will. This check is repeated per window until the restart is successfully completed.  If not set here, may be set on the command line or via an environment variable on the process itself; any server setting will take precedence over local settings. This setting is ineffective for nodes below version 38.44.0.  If this setting is not applied via this remote configuration or via local configuration, the default setting is used: always allow restarts if serving no connections, and allow a restart even if serving connections between 7-8 UTC, any day.
+     */
+    maintenanceWindows?: outputs.GetNodeNodeProxyClusterMaintenanceWindow[];
+    /**
+     * Unique human-readable name of the Relay. Node names must include only letters, numbers, and hyphens (no spaces, underscores, or other special characters). Generated if not provided on create.
+     */
+    name?: string;
+    /**
+     * Tags is a map of key, value pairs.
+     */
+    tags?: {
+        [key: string]: string;
+    };
+}
+export interface GetNodeNodeProxyClusterMaintenanceWindow {
+    cronSchedule: string;
+    requireIdleness: boolean;
+}
 export interface GetNodeNodeRelay {
     /**
      * Device is a read only device name uploaded by the gateway process when it comes online.
@@ -408,6 +440,34 @@ export interface GetPeeringGroupResourcePeeringGroupResource {
      */
     resourceId?: string;
 }
+export interface GetPolicyPolicy {
+    /**
+     * Optional description of the Policy.
+     */
+    description?: string;
+    /**
+     * Unique identifier of the Policy.
+     */
+    id?: string;
+    /**
+     * Unique human-readable name of the Policy.
+     */
+    name?: string;
+    /**
+     * The content of the Policy, in Cedar policy language.
+     */
+    policy?: string;
+}
+export interface GetProxyClusterKeyProxyClusterKey {
+    /**
+     * Unique identifier of the Relay.
+     */
+    id?: string;
+    /**
+     * The ID of the proxy cluster which this key authenticates to.
+     */
+    proxyClusterId?: string;
+}
 export interface GetRemoteIdentityGroupRemoteIdentityGroup {
     /**
      * Unique identifier of the RemoteIdentityGroup.
@@ -465,6 +525,8 @@ export interface GetResourceResource {
     cituses: outputs.GetResourceResourceCitus[];
     clustrixes: outputs.GetResourceResourceClustrix[];
     cockroaches: outputs.GetResourceResourceCockroach[];
+    couchbaseDatabases: outputs.GetResourceResourceCouchbaseDatabase[];
+    couchbaseWebUis: outputs.GetResourceResourceCouchbaseWebUi[];
     db2Is: outputs.GetResourceResourceDb2I[];
     db2Luws: outputs.GetResourceResourceDb2Luw[];
     documentDbHosts: outputs.GetResourceResourceDocumentDbHost[];
@@ -524,6 +586,10 @@ export interface GetResourceResource {
     trinos: outputs.GetResourceResourceTrino[];
 }
 export interface GetResourceResourceAk {
+    /**
+     * If true, allows users to fallback to the existing authentication mode (Leased Credential or Identity Set) when a resource role is not provided.
+     */
+    allowResourceRoleBypass?: boolean;
     /**
      * The bind interface is the IP address to which the port override of a resource is bound (for example, 127.0.0.1). It is automatically generated if not provided.
      */
@@ -656,6 +722,10 @@ export interface GetResourceResourceAksBasicAuth {
     username?: string;
 }
 export interface GetResourceResourceAksServiceAccount {
+    /**
+     * If true, allows users to fallback to the existing authentication mode (Leased Credential or Identity Set) when a resource role is not provided.
+     */
+    allowResourceRoleBypass?: boolean;
     /**
      * The bind interface is the IP address to which the port override of a resource is bound (for example, 127.0.0.1). It is automatically generated if not provided.
      */
@@ -902,6 +972,10 @@ export interface GetResourceResourceAmazonEk {
      * The Access Key ID to use to authenticate.
      */
     accessKey?: string;
+    /**
+     * If true, allows users to fallback to the existing authentication mode (Leased Credential or Identity Set) when a resource role is not provided.
+     */
+    allowResourceRoleBypass?: boolean;
     /**
      * The bind interface is the IP address to which the port override of a resource is bound (for example, 127.0.0.1). It is automatically generated if not provided.
      */
@@ -986,6 +1060,10 @@ export interface GetResourceResourceAmazonEk {
     };
 }
 export interface GetResourceResourceAmazonEksInstanceProfile {
+    /**
+     * If true, allows users to fallback to the existing authentication mode (Leased Credential or Identity Set) when a resource role is not provided.
+     */
+    allowResourceRoleBypass?: boolean;
     /**
      * The bind interface is the IP address to which the port override of a resource is bound (for example, 127.0.0.1). It is automatically generated if not provided.
      */
@@ -2271,6 +2349,115 @@ export interface GetResourceResourceCockroach {
      */
     username?: string;
 }
+export interface GetResourceResourceCouchbaseDatabase {
+    /**
+     * The bind interface is the IP address to which the port override of a resource is bound (for example, 127.0.0.1). It is automatically generated if not provided.
+     */
+    bindInterface?: string;
+    /**
+     * A filter applied to the routing logic to pin datasource to nodes.
+     */
+    egressFilter?: string;
+    /**
+     * The host to dial to initiate a connection from the egress node to this resource.
+     */
+    hostname?: string;
+    /**
+     * Unique identifier of the Resource.
+     */
+    id?: string;
+    /**
+     * The port number for N1QL queries. Default HTTP is 8093. Default HTTPS is 18093.
+     */
+    n1QlPort?: number;
+    /**
+     * Unique human-readable name of the Resource.
+     */
+    name?: string;
+    /**
+     * The password to authenticate with.
+     */
+    password?: string;
+    /**
+     * The port to dial to initiate a connection from the egress node to this resource.
+     */
+    port?: number;
+    /**
+     * The local port used by clients to connect to this resource.
+     */
+    portOverride?: number;
+    /**
+     * ID of the secret store containing credentials for this resource, if any.
+     */
+    secretStoreId?: string;
+    /**
+     * Subdomain is the local DNS address.  (e.g. app-prod1 turns into app-prod1.your-org-name.sdm.network)
+     */
+    subdomain?: string;
+    /**
+     * Tags is a map of key, value pairs.
+     */
+    tags?: {
+        [key: string]: string;
+    };
+    /**
+     * If set, TLS must be used to connect to this resource.
+     */
+    tlsRequired?: boolean;
+    /**
+     * The username to authenticate with.
+     */
+    username?: string;
+}
+export interface GetResourceResourceCouchbaseWebUi {
+    /**
+     * The bind interface is the IP address to which the port override of a resource is bound (for example, 127.0.0.1). It is automatically generated if not provided.
+     */
+    bindInterface?: string;
+    /**
+     * A filter applied to the routing logic to pin datasource to nodes.
+     */
+    egressFilter?: string;
+    /**
+     * Unique identifier of the Resource.
+     */
+    id?: string;
+    /**
+     * Unique human-readable name of the Resource.
+     */
+    name?: string;
+    /**
+     * The password to authenticate with.
+     */
+    password?: string;
+    /**
+     * The local port used by clients to connect to this resource.
+     */
+    portOverride?: number;
+    /**
+     * ID of the secret store containing credentials for this resource, if any.
+     */
+    secretStoreId?: string;
+    /**
+     * Subdomain is the local DNS address.  (e.g. app-prod1 turns into app-prod1.your-org-name.sdm.network)
+     */
+    subdomain?: string;
+    /**
+     * Tags is a map of key, value pairs.
+     */
+    tags?: {
+        [key: string]: string;
+    };
+    /**
+     * The base address of your website without the path.
+     * * kubernetes:
+     */
+    url?: string;
+    /**
+     * The username to authenticate with.
+     */
+    username?: string;
+}
 export interface GetResourceResourceDb2I {
     /**
      * The bind interface is the IP address to which the port override of a resource is bound (for example, 127.0.0.1). It is automatically generated if not provided.
@@ -2768,6 +2955,10 @@ export interface GetResourceResourceGcp {
     };
 }
 export interface GetResourceResourceGoogleGke {
+    /**
+     * If true, allows users to fallback to the existing authentication mode (Leased Credential or Identity Set) when a resource role is not provided.
+     */
+    allowResourceRoleBypass?: boolean;
     /**
      * The bind interface is the IP address to which the port override of a resource is bound (for example, 127.0.0.1). It is automatically generated if not provided.
      */
@@ -3119,6 +3310,10 @@ export interface GetResourceResourceHttpNoAuth {
     url?: string;
 }
 export interface GetResourceResourceKubernete {
+    /**
+     * If true, allows users to fallback to the existing authentication mode (Leased Credential or Identity Set) when a resource role is not provided.
+     */
+    allowResourceRoleBypass?: boolean;
     /**
      * The bind interface is the IP address to which the port override of a resource is bound (for example, 127.0.0.1). It is automatically generated if not provided.
      */
@@ -3251,6 +3446,10 @@ export interface GetResourceResourceKubernetesBasicAuth {
     username?: string;
 }
 export interface GetResourceResourceKubernetesServiceAccount {
+    /**
+     * If true, allows users to fallback to the existing authentication mode (Leased Credential or Identity Set) when a resource role is not provided.
+     */
+    allowResourceRoleBypass?: boolean;
     /**
      * The bind interface is the IP address to which the port override of a resource is bound (for example, 127.0.0.1). It is automatically generated if not provided.
      */
@@ -6543,6 +6742,30 @@ export interface NodeGatewayMaintenanceWindow {
     cronSchedule: string;
     requireIdleness: boolean;
 }
+export interface NodeProxyCluster {
+    /**
+     * The public hostname/port tuple at which the proxy cluster will be accessible to clients.
+     */
+    address: string;
+    /**
+     * Maintenance Windows define when this node is allowed to restart. If a node is requested to restart, it will check each window to determine if any of them permit it to restart, and if any do, it will. This check is repeated per window until the restart is successfully completed.  If not set here, may be set on the command line or via an environment variable on the process itself; any server setting will take precedence over local settings. This setting is ineffective for nodes below version 38.44.0.  If this setting is not applied via this remote configuration or via local configuration, the default setting is used: always allow restarts if serving no connections, and allow a restart even if serving connections between 7-8 UTC, any day.
+     */
+    maintenanceWindows?: outputs.NodeProxyClusterMaintenanceWindow[];
+    /**
+     * Unique human-readable name of the Relay. Node names must include only letters, numbers, and hyphens (no spaces, underscores, or other special characters). Generated if not provided on create.
+     */
+    name: string;
+    /**
+     * Tags is a map of key, value pairs.
+     */
+    tags?: {
+        [key: string]: string;
+    };
+}
+export interface NodeProxyClusterMaintenanceWindow {
+    cronSchedule: string;
+    requireIdleness: boolean;
+}
 export interface NodeRelay {
     /**
      * Device is a read only device name uploaded by the gateway process when it comes online.
@@ -6581,6 +6804,10 @@ export interface NodeRelayMaintenanceWindow {
     requireIdleness: boolean;
 }
 export interface ResourceAks {
+    /**
+     * If true, allows users to fallback to the existing authentication mode (Leased Credential or Identity Set) when a resource role is not provided.
+     */
+    allowResourceRoleBypass?: boolean;
     /**
      * The bind interface is the IP address to which the port override of a resource is bound (for example, 127.0.0.1). It is automatically generated if not provided.
      */
@@ -6705,6 +6932,10 @@ export interface ResourceAksBasicAuth {
     username?: string;
 }
 export interface ResourceAksServiceAccount {
+    /**
+     * If true, allows users to fallback to the existing authentication mode (Leased Credential or Identity Set) when a resource role is not provided.
+     */
+    allowResourceRoleBypass?: boolean;
     /**
      * The bind interface is the IP address to which the port override of a resource is bound (for example, 127.0.0.1). It is automatically generated if not provided.
      */
@@ -6879,6 +7110,10 @@ export interface ResourceAmazonEks {
      * The Access Key ID to use to authenticate.
      */
     accessKey?: string;
+    /**
+     * If true, allows users to fallback to the existing authentication mode (Leased Credential or Identity Set) when a resource role is not provided.
+     */
+    allowResourceRoleBypass?: boolean;
     /**
      * The bind interface is the IP address to which the port override of a resource is bound (for example, 127.0.0.1). It is automatically generated if not provided.
      */
@@ -6959,6 +7194,10 @@ export interface ResourceAmazonEks {
     };
 }
 export interface ResourceAmazonEksInstanceProfile {
+    /**
+     * If true, allows users to fallback to the existing authentication mode (Leased Credential or Identity Set) when a resource role is not provided.
+     */
+    allowResourceRoleBypass?: boolean;
     /**
      * The bind interface is the IP address to which the port override of a resource is bound (for example, 127.0.0.1). It is automatically generated if not provided.
      */
@@ -8216,6 +8455,107 @@ export interface ResourceCockroach {
      */
     username?: string;
 }
+export interface ResourceCouchbaseDatabase {
+    /**
+     * The bind interface is the IP address to which the port override of a resource is bound (for example, 127.0.0.1). It is automatically generated if not provided.
+     */
+    bindInterface: string;
+    /**
+     * A filter applied to the routing logic to pin datasource to nodes.
+     */
+    egressFilter?: string;
+    /**
+     * The host to dial to initiate a connection from the egress node to this resource.
+     */
+    hostname: string;
+    /**
+     * The port number for N1QL queries. Default HTTP is 8093. Default HTTPS is 18093.
+     */
+    n1QlPort: number;
+    /**
+     * Unique human-readable name of the Resource.
+     */
+    name: string;
+    /**
+     * The password to authenticate with.
+     */
+    password?: string;
+    /**
+     * The port to dial to initiate a connection from the egress node to this resource.
+     */
+    port?: number;
+    /**
+     * The local port used by clients to connect to this resource.
+     */
+    portOverride: number;
+    /**
+     * ID of the secret store containing credentials for this resource, if any.
+     */
+    secretStoreId?: string;
+    /**
+     * Subdomain is the local DNS address.  (e.g. app-prod1 turns into app-prod1.your-org-name.sdm.network)
+     */
+    subdomain: string;
+    /**
+     * Tags is a map of key, value pairs.
+     */
+    tags?: {
+        [key: string]: string;
+    };
+    /**
+     * If set, TLS must be used to connect to this resource.
+     */
+    tlsRequired?: boolean;
+    /**
+     * The username to authenticate with.
+     */
+    username?: string;
+}
+export interface ResourceCouchbaseWebUi {
+    /**
+     * The bind interface is the IP address to which the port override of a resource is bound (for example, 127.0.0.1). It is automatically generated if not provided.
+     */
+    bindInterface: string;
+    /**
+     * A filter applied to the routing logic to pin datasource to nodes.
+     */
+    egressFilter?: string;
+    /**
+     * Unique human-readable name of the Resource.
+     */
+    name: string;
+    /**
+     * The password to authenticate with.
+     */
+    password?: string;
+    /**
+     * The local port used by clients to connect to this resource.
+     */
+    portOverride: number;
+    /**
+     * ID of the secret store containing credentials for this resource, if any.
+     */
+    secretStoreId?: string;
+    /**
+     * Subdomain is the local DNS address.  (e.g. app-prod1 turns into app-prod1.your-org-name.sdm.network)
+     */
+    subdomain: string;
+    /**
+     * Tags is a map of key, value pairs.
+     */
+    tags?: {
+        [key: string]: string;
+    };
+    /**
+     * The base address of your website without the path.
+     * * kubernetes:
+     */
+    url: string;
+    /**
+     * The username to authenticate with.
+     */
+    username?: string;
+}
 export interface ResourceDb2I {
     /**
      * The bind interface is the IP address to which the port override of a resource is bound (for example, 127.0.0.1). It is automatically generated if not provided.
@@ -8677,6 +9017,10 @@ export interface ResourceGcp {
     };
 }
 export interface ResourceGoogleGke {
+    /**
+     * If true, allows users to fallback to the existing authentication mode (Leased Credential or Identity Set) when a resource role is not provided.
+     */
+    allowResourceRoleBypass?: boolean;
     /**
      * The bind interface is the IP address to which the port override of a resource is bound (for example, 127.0.0.1). It is automatically generated if not provided.
      */
@@ -9004,6 +9348,10 @@ export interface ResourceHttpNoAuth {
     url: string;
 }
 export interface ResourceKubernetes {
+    /**
+     * If true, allows users to fallback to the existing authentication mode (Leased Credential or Identity Set) when a resource role is not provided.
+     */
+    allowResourceRoleBypass?: boolean;
     /**
      * The bind interface is the IP address to which the port override of a resource is bound (for example, 127.0.0.1). It is automatically generated if not provided.
      */
@@ -9128,6 +9476,10 @@ export interface ResourceKubernetesBasicAuth {
     username?: string;
 }
 export interface ResourceKubernetesServiceAccount {
+    /**
+     * If true, allows users to fallback to the existing authentication mode (Leased Credential or Identity Set) when a resource role is not provided.
+     */
+    allowResourceRoleBypass?: boolean;
     /**
      * The bind interface is the IP address to which the port override of a resource is bound (for example, 127.0.0.1). It is automatically generated if not provided.
      */

package/workflow.d.ts

@@ -3,34 +3,6 @@ import * as pulumi from "@pulumi/pulumi";
  * Workflows are the collection of rules that define the resources to which access can be requested,
  *  the users that can request that access, and the mechanism for approving those requests which can either
  *  but automatic approval or a set of users authorized to approve the requests.
- * ## Example Usage
- *
- * ```typescript
- * import * as pulumi from "@pulumi/pulumi";
- * import * as sdm from "@pierskarsenbarg/sdm";
- *
- * const autoGrantWorkflow = new sdm.Workflow("autoGrantWorkflow", {
- *     autoGrant: true,
- *     enabled: true,
- *     accessRules: JSON.stringify([{
- *         type: "redis",
- *         tags: {
- *             region: "us-east",
- *         },
- *     }]),
- * });
- * const manualApprovalWorkflow = new sdm.Workflow("manualApprovalWorkflow", {
- *     autoGrant: false,
- *     accessRules: JSON.stringify([{
- *         type: "redis",
- *         tags: {
- *             region: "us-east",
- *         },
- *     }]),
- * });
- * ```
- * This resource can be imported using the import command.
- *
  * ## Import
  *
  * A Workflow can be imported using the id, e.g.,

package/workflow.js

@@ -9,34 +9,6 @@ const utilities = require("./utilities");
  * Workflows are the collection of rules that define the resources to which access can be requested,
  *  the users that can request that access, and the mechanism for approving those requests which can either
  *  but automatic approval or a set of users authorized to approve the requests.
- * ## Example Usage
- *
- * ```typescript
- * import * as pulumi from "@pulumi/pulumi";
- * import * as sdm from "@pierskarsenbarg/sdm";
- *
- * const autoGrantWorkflow = new sdm.Workflow("autoGrantWorkflow", {
- *     autoGrant: true,
- *     enabled: true,
- *     accessRules: JSON.stringify([{
- *         type: "redis",
- *         tags: {
- *             region: "us-east",
- *         },
- *     }]),
- * });
- * const manualApprovalWorkflow = new sdm.Workflow("manualApprovalWorkflow", {
- *     autoGrant: false,
- *     accessRules: JSON.stringify([{
- *         type: "redis",
- *         tags: {
- *             region: "us-east",
- *         },
- *     }]),
- * });
- * ```
- * This resource can be imported using the import command.
- *
  * ## Import
  *
  * A Workflow can be imported using the id, e.g.,

package/workflow.js.map

@@ -1 +1 @@
-{"version":3,"file":"workflow.js","sourceRoot":"","sources":["../workflow.ts"],"names":[],"mappings":";AAAA,wFAAwF;AACxF,iFAAiF;;;AAEjF,yCAAyC;AACzC,yCAAyC;AAEzC;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GAuCG;AACH,MAAa,QAAS,SAAQ,MAAM,CAAC,cAAc;IAC/C;;;;;;;;OAQG;IACI,MAAM,CAAC,GAAG,CAAC,IAAY,EAAE,EAA2B,EAAE,KAAqB,EAAE,IAAmC;QACnH,OAAO,IAAI,QAAQ,CAAC,IAAI,EAAO,KAAK,kCAAO,IAAI,KAAE,EAAE,EAAE,EAAE,IAAG,CAAC;IAC/D,CAAC;IAKD;;;OAGG;IACI,MAAM,CAAC,UAAU,CAAC,GAAQ;QAC7B,IAAI,GAAG,KAAK,SAAS,IAAI,GAAG,KAAK,IAAI,EAAE;YACnC,OAAO,KAAK,CAAC;SAChB;QACD,OAAO,GAAG,CAAC,cAAc,CAAC,KAAK,QAAQ,CAAC,YAAY,CAAC;IACzD,CAAC;IAuCD,YAAY,IAAY,EAAE,WAA0C,EAAE,IAAmC;QACrG,IAAI,cAAc,GAAkB,EAAE,CAAC;QACvC,IAAI,GAAG,IAAI,IAAI,EAAE,CAAC;QAClB,IAAI,IAAI,CAAC,EAAE,EAAE;YACT,MAAM,KAAK,GAAG,WAAwC,CAAC;YACvD,cAAc,CAAC,aAAa,CAAC,GAAG,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,WAAW,CAAC,CAAC,CAAC,SAAS,CAAC;YACtE,cAAc,CAAC,gBAAgB,CAAC,GAAG,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,cAAc,CAAC,CAAC,CAAC,SAAS,CAAC;YAC5E,cAAc,CAAC,WAAW,CAAC,GAAG,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,SAAS,CAAC,CAAC,CAAC,SAAS,CAAC;YAClE,cAAc,CAAC,aAAa,CAAC,GAAG,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,WAAW,CAAC,CAAC,CAAC,SAAS,CAAC;YACtE,cAAc,CAAC,SAAS,CAAC,GAAG,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,SAAS,CAAC;YAC9D,cAAc,CAAC,MAAM,CAAC,GAAG,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC,CAAC,SAAS,CAAC;YACxD,cAAc,CAAC,QAAQ,CAAC,GAAG,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,MAAM,CAAC,CAAC,CAAC,SAAS,CAAC;SAC/D;aAAM;YACH,MAAM,IAAI,GAAG,WAAuC,CAAC;YACrD,cAAc,CAAC,aAAa,CAAC,GAAG,IAAI,CAAC,CAAC,CAAC,IAAI,CAAC,WAAW,CAAC,CAAC,CAAC,SAAS,CAAC;YACpE,cAAc,CAAC,gBAAgB,CAAC,GAAG,IAAI,CAAC,CAAC,CAAC,IAAI,CAAC,cAAc,CAAC,CAAC,CAAC,SAAS,CAAC;YAC1E,cAAc,CAAC,WAAW,CAAC,GAAG,IAAI,CAAC,CAAC,CAAC,IAAI,CAAC,SAAS,CAAC,CAAC,CAAC,SAAS,CAAC;YAChE,cAAc,CAAC,aAAa,CAAC,GAAG,IAAI,CAAC,CAAC,CAAC,IAAI,CAAC,WAAW,CAAC,CAAC,CAAC,SAAS,CAAC;YACpE,cAAc,CAAC,SAAS,CAAC,GAAG,IAAI,CAAC,CAAC,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC,CAAC,SAAS,CAAC;YAC5D,cAAc,CAAC,MAAM,CAAC,GAAG,IAAI,CAAC,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC,CAAC,SAAS,CAAC;YACtD,cAAc,CAAC,QAAQ,CAAC,GAAG,IAAI,CAAC,CAAC,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC,CAAC,SAAS,CAAC;SAC7D;QACD,IAAI,GAAG,MAAM,CAAC,YAAY,CAAC,SAAS,CAAC,oBAAoB,EAAE,EAAE,IAAI,CAAC,CAAC;QACnE,KAAK,CAAC,QAAQ,CAAC,YAAY,EAAE,IAAI,EAAE,cAAc,EAAE,IAAI,CAAC,CAAC;IAC7D,CAAC;;AAzFL,4BA0FC;AA5EG,gBAAgB;AACO,qBAAY,GAAG,6BAA6B,CAAC"}
+{"version":3,"file":"workflow.js","sourceRoot":"","sources":["../workflow.ts"],"names":[],"mappings":";AAAA,wFAAwF;AACxF,iFAAiF;;;AAEjF,yCAAyC;AACzC,yCAAyC;AAEzC;;;;;;;;;;;GAWG;AACH,MAAa,QAAS,SAAQ,MAAM,CAAC,cAAc;IAC/C;;;;;;;;OAQG;IACI,MAAM,CAAC,GAAG,CAAC,IAAY,EAAE,EAA2B,EAAE,KAAqB,EAAE,IAAmC;QACnH,OAAO,IAAI,QAAQ,CAAC,IAAI,EAAO,KAAK,kCAAO,IAAI,KAAE,EAAE,EAAE,EAAE,IAAG,CAAC;IAC/D,CAAC;IAKD;;;OAGG;IACI,MAAM,CAAC,UAAU,CAAC,GAAQ;QAC7B,IAAI,GAAG,KAAK,SAAS,IAAI,GAAG,KAAK,IAAI,EAAE;YACnC,OAAO,KAAK,CAAC;SAChB;QACD,OAAO,GAAG,CAAC,cAAc,CAAC,KAAK,QAAQ,CAAC,YAAY,CAAC;IACzD,CAAC;IAuCD,YAAY,IAAY,EAAE,WAA0C,EAAE,IAAmC;QACrG,IAAI,cAAc,GAAkB,EAAE,CAAC;QACvC,IAAI,GAAG,IAAI,IAAI,EAAE,CAAC;QAClB,IAAI,IAAI,CAAC,EAAE,EAAE;YACT,MAAM,KAAK,GAAG,WAAwC,CAAC;YACvD,cAAc,CAAC,aAAa,CAAC,GAAG,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,WAAW,CAAC,CAAC,CAAC,SAAS,CAAC;YACtE,cAAc,CAAC,gBAAgB,CAAC,GAAG,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,cAAc,CAAC,CAAC,CAAC,SAAS,CAAC;YAC5E,cAAc,CAAC,WAAW,CAAC,GAAG,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,SAAS,CAAC,CAAC,CAAC,SAAS,CAAC;YAClE,cAAc,CAAC,aAAa,CAAC,GAAG,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,WAAW,CAAC,CAAC,CAAC,SAAS,CAAC;YACtE,cAAc,CAAC,SAAS,CAAC,GAAG,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,SAAS,CAAC;YAC9D,cAAc,CAAC,MAAM,CAAC,GAAG,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC,CAAC,SAAS,CAAC;YACxD,cAAc,CAAC,QAAQ,CAAC,GAAG,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,MAAM,CAAC,CAAC,CAAC,SAAS,CAAC;SAC/D;aAAM;YACH,MAAM,IAAI,GAAG,WAAuC,CAAC;YACrD,cAAc,CAAC,aAAa,CAAC,GAAG,IAAI,CAAC,CAAC,CAAC,IAAI,CAAC,WAAW,CAAC,CAAC,CAAC,SAAS,CAAC;YACpE,cAAc,CAAC,gBAAgB,CAAC,GAAG,IAAI,CAAC,CAAC,CAAC,IAAI,CAAC,cAAc,CAAC,CAAC,CAAC,SAAS,CAAC;YAC1E,cAAc,CAAC,WAAW,CAAC,GAAG,IAAI,CAAC,CAAC,CAAC,IAAI,CAAC,SAAS,CAAC,CAAC,CAAC,SAAS,CAAC;YAChE,cAAc,CAAC,aAAa,CAAC,GAAG,IAAI,CAAC,CAAC,CAAC,IAAI,CAAC,WAAW,CAAC,CAAC,CAAC,SAAS,CAAC;YACpE,cAAc,CAAC,SAAS,CAAC,GAAG,IAAI,CAAC,CAAC,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC,CAAC,SAAS,CAAC;YAC5D,cAAc,CAAC,MAAM,CAAC,GAAG,IAAI,CAAC,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC,CAAC,SAAS,CAAC;YACtD,cAAc,CAAC,QAAQ,CAAC,GAAG,IAAI,CAAC,CAAC,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC,CAAC,SAAS,CAAC;SAC7D;QACD,IAAI,GAAG,MAAM,CAAC,YAAY,CAAC,SAAS,CAAC,oBAAoB,EAAE,EAAE,IAAI,CAAC,CAAC;QACnE,KAAK,CAAC,QAAQ,CAAC,YAAY,EAAE,IAAI,EAAE,cAAc,EAAE,IAAI,CAAC,CAAC;IAC7D,CAAC;;AAzFL,4BA0FC;AA5EG,gBAAgB;AACO,qBAAY,GAAG,6BAA6B,CAAC"}